Data Privacy Statement

Privacy Policy

General Information and Mandatory Information

Data privacy

The website owner takes the protection of your personal data very seriously. When you use this website, various personal data are collected. Personal data are data which enable you personally to be identified. This Data Privacy Statement explains which data we collect and what we use them for. It also explains how this is done and for what purpose.

 

We would like to point out that the transfer of data via the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. It is not possible to protect data completely from access by third parties.

 

We treat your personal data confidentially and in accordance with the legal data protection legislation and this Data Privacy Statement. This means the personal data of users are processed as follows when they visit this website (without additional contact by e-mail):

 

Types of personal data processed:

  • User-related data (e.g. name, address - only if contact is initiated electronically)
  • Contact data (e.g. e-mail address, telephone number - only if contact is initiated electronically)
  • Contents data (e.g. text input, image files, video files - only if contact is initiated electronically)
  • Meta/communications data (e.g. equipment information, IP addresses)

 

Categories of data subjects:

  • Visitors and users of the website (hereinafter all referred to as “Users”).

 

Purpose of processing:

  • Provision of the website offer, its functions and contents
  • Replying to enquiries and communication with users
  • Security measures

 

As a responsible provider we dispense with automatic decision-making and profiling.

Definitions

This Data Privacy Statement uses, among others, the following legal terms which are used by the European body issuing directives and regulations in the General Data Protection Regulation (GDPR) and which are defined therein in Art. 4 (Definitions) as follows:

 

Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller

ROBEL Bahnbaumaschinen GmbH
Industriestrasse 31
D-83395 Freilassing
Germany

Tel.: +49-8654-609-0
Fax: +49-8654-609-100
E-Mail: info@robel.com

Data protection officer

In case of questions or suggestions regarding data protection and to enforce your rights as data subject please contact our data protection officer at any time:

 

ROBEL Bahnbaumaschinen GmbH
- Datenschutzbeauftragter - (Data protection officer)
Industriestrasse 31
D-83395 Freilassing
Germany
E-Mail: datenschutz@robel.com

Right to lodge a complaint with a supervisory authority

You have the right to complain to a supervisory data protection authority, in particular in the member state of your place of residence, your workplace or the place of the probable infringement if you are of the opinion that the processing of your personal data is unlawful.

Rights of the data subjects

The applicable data protection law grants you, as the data subject, extensive rights vis-a-vis the controller with regard to the processing of your personal data (right of access and intervention) about which we inform you below:

 

Right of access as per Art. 15 GDPR: In accordance with Art. 15 GDPR, you have the right to obtain from us information about your personal data processed by us. You should provide precise information on your request in the application so that it makes it easier to compile the data required. Please note that your right of access may be restricted under certain circumstances in accordance with legal regulations (in particular Article 34 of the German Data Protection Law and Art. 10 of the Bavarian Data Protection Law).

 

Right to rectification as per Art. 16 GDPR: You have the right to rectification of inaccurate personal data concerning you and/or completion of incomplete data stored by us without undue delay.

 

Right to erasure as per Art. 17 GDPR: You have the right to request erasure of personal data concerning you if the conditions listed in Art. 17 Para. 1 GDPR apply. However, this right is not applicable in particular where the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

 

Right to restriction of processing as per Art. 18 GDPR: You have the right to request restriction of processing of your personal data for a period enabling the verification of the accuracy of the personal data, if you oppose the erasure of your personal data due to improper data processing and request the restriction of their use instead; if you require your personal data for the establishment, exercise or defence of legal claims where we no longer need the personal data for the purposes of the processing; or if you have objected due to your particular situation pending the verification whether our legitimate grounds override your reasons.

 

Right to notification as per Art. 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

 

Right to data portability as per Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to request transmission of those data to another controller provided this is technically feasible.

 

Right to withdraw consent as per Art. 7 Para. 3 GDPR: You have the right to withdraw your consent to processing of your data at any time with future effect. In case of withdrawal of consent, we shall delete the data concerned without delay, provided further processing cannot be supported by a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right to object as per Art. 21 GDPR: You have the right to object to future processing of your personal data at any time in accordance with the provisions of Art. 21 GDPR. The objection may be in particular to processing of the personal data for direct marketing purposes.

 

We try to meet all inquiries within 30 days. This period may be extended for reasons related to the specific rights of the data subject or the complexity of your request.

Data collected on our website

This website uses cookies. Cookies are text files which are placed and stored on a computer/computer system of a user via an Internet browser. Various information can be stored in a cookie. A cookie is used primarily to store information on a user (or the equipment on which the cookie is stored) during or also after the visit to a website. Cookies are referred to as “session cookies” or “transient cookies” if they are deleted after the user leaves a website and closes the browser. Such a cookie stores, for example, the contents of a shopping basket in an online shop or a login status. Cookies are referred to as “permanent” or “persistent” if they continue to be stored even after the browser has been closed. Thus, for example, the login status can be stored if the user visits the website again several days later. Also, the interests of the user may be stored in such a cookie to be used for reach measurement or marketing purposes. Cookies are referred to as “third-party cookies” if they are offered by other parties than the controller who operates the website (otherwise, i.e. if they are only the controller’s cookies, they are referred to as “first-party cookies”).

 

If a user does not want cookies to be stored on his computer, he must deactivate the relevant option in the system settings of his browser. It is also possible to delete cookies already stored via the system settings of the browser. The blocking of cookies can lead to functional impairment of this website.

 

You can find further information on cookies here https://www.robel.com/en/cookie-notice/.

 

Server log files

 

The hosting services from our hosting provider are used to provide the following services for our website: Infrastructure and platform services, computer capacity, data storage and database services, security services and technical maintenance services which we use for the purpose of operating this website. We or our hosting provider process contact data (in case of e-mail contact: e-mail address), usage data, meta and communications data of users of this website on the basis of our legitimate interest in an efficient and safe provision of this website in accordance with Art. 6, Para. 1 (f) GDPR in conjunction with Art. 28 GDPR.

 

We or our hosting provider collect various general data and information on each access of our website by a data subject or an automated system. These general data and information are stored in the log files of the server. The following may be recorded (1) browser type and version used, (2) operating system used by the accessing system, (3) the web page from which the accessing system reaches our website (so-called referrer), (4) the sub-pages which are called up on our website by an accessing system, (5) the date and time of the access to the website, (6) the IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information which are used to prevent danger in case of attacks on our IT systems.

 

When using these general data and information, we or our hosting provider draw no conclusions about the data subject. This information is rather required to (1) correctly display the contents of our website, (2) to ensure the continuous functionality of our IT systems and the technology of our website and (3) to be able to provide the law enforcement agencies with the information necessary for law enforcement in case of a cyber attack. The server log file data are stored separately from any personal data provided by a data subject.

Contact

If you are contacting us (e.g. by e-mail, telephone or social media), the user data are processed in accordance with Art 6, Para. 1 (b) GDPR to deal with the enquiry. The data provided by the user may be stored in a customer relationship management system (“CRM system”) or a similar enquiry system.

 

If you send us enquiries by e-mail, the data from the e-mail enquiry form including the contact data provided therein are stored by us to process the enquiry and in case of follow-on questions. We do not pass these data on to third parties without your consent.

 

Processing of the data provided in an e-mail therefore takes place exclusively on the basis of your consent (Art. 6 Para. 1 (a) GDPR). You can withdraw your consent at any time. It is sufficient to inform us of this by e-mail. The lawfulness of any data processing up to withdrawal of consent shall not be affected by the withdrawal of consent.

 

The data provided in an e-mail remain with us until you request their deletion, withdraw consent for their storage or the purpose for their storage is no longer applicable (e.g. after processing of the enquiry is completed). Mandatory legal requirements - in particular retention periods - shall not be affected.

 

Access and security logs at system level are maintained by the https//platform.sh/ service we use for diagnostic purposes. These logs are not accessible to us. They are kept for a minimum of 6 months and a maximum of 1 year. General system level logs are retained for a minimum of 30 days and a maximum of 1 year.

Legal basis

In accordance with Art. 13 GDPR we have to inform you of the legal basis for collecting personal data. Where the legal basis is not expressly mentioned in this Data Privacy Statement, the following shall apply: The legal basis for obtaining consent are Art. 6, Para. 1 (a) and Art. 7 GDPR, the legal basis for data processing to provide our services and implement contractual measures as well as reply to enquiries is Art. 6, Para. 1 (b) GDPR, the legal basis for data processing to meet our legal obligations is Art. 6, Para. 1 (c) GDPR and the legal basis for data processing to protect our legitimate interest is Art. 6, Para. 1 (f) GDPR.

Disclosure of data

The disclosure of your personal data to third parties for purposes other than those listed below does not take place. We disclose your personal data to third parties only if:

  • you have given your express consent to this in accordance with Art. 6, Para. 1 (a), sentence 1 GDPR;
  • disclosure in accordance with Art. 6, Para. 1 (f) sentence 1 GDPR is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data;
  • there is a legal requirement for disclosure in accordance with Art. 6, Para. 1 (c) sentence 1 GDPR; and
  • this is legally permissible and, in accordance with Art. 6, Para. 1 (b) sentence 1 GDPR, required for the implementation of the contractual relationship with you.

If we disclose data to other persons or companies (processors or third parties) within the scope of data processing, transmit data to them or grant them other access to data, this will be done on the basis of statutory authorisation or on the basis of your consent or because a legal duty provides for this or on the basis of our legitimate interests (e.g. when using a hosting provider etc.). 

 

If we enter into a “data processing agreement” with a third party for the processing of personal data, this is done on the basis of Art. 28 GDPR.

If we process data in a third country (i.e. outside the European Union (EU) or outside the European Economic Area (EEA)) or if this takes place within the scope of utilising the services of third parties by disclosure or transmission of data to third parties, this shall be done only if it is done to meet our (pre)-contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal and contractual permissions, we process the data or the data are processed in a third country only if the special conditions of Art. 44 ff GDPR are met. This means, processing takes place, for example, on the basis of special guarantees such as the officially accepted decision that the level of data protection is equivalent to that of the EU or observance of officially accepted special contractual provisions (“Standard Contract Clauses”).

Erasure of data / restriction of processing

The personal data processed by us are erased or their processing is restricted in accordance with Art. 17 and Art. 18 GDPR. Unless expressly stated in this Data Privacy Statement, the data stored by us are erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with the legal obligation to retain such data. This applies, for example, to data which must be stored for reasons of commercial or tax law (e.g. Art. 257 German Commercial Code, Art. 147, Para. 1 German Tax Code - retention for up to 10 years). If the data are not erased because they are required for other legally permissible purposes, their processing will be restricted. This means the data will be restricted and not processed for any other purpose.

Data protection provisions for the use of YouTube

The person responsible for processing links to components from YouTube on this website. YouTube is an Internet video portal which allows the free placing of video clips and the free viewing, rating and commenting by other users of these. YouTube permits the publication of all types of videos so that complete films and TV broadcasts, but also music videos, trailers or videos made by users themselves can be called up via the Internet portal.

 

The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

By clicking a preview image of a video on this website, the Internet browser on the information technology system of the user is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google will gain knowledge on which specific page of our website has been visited by the data subject.

If the data subject is simultaneously logged into YouTube, YouTube will recognise on calling up a page containing a YouTube video which specific page of our website has been visited by the data subject. This information is collected by YouTube and Google and linked to the YouTube account of the data subject.

YouTube and Google always receive the information via the YouTube component that the data subject has visited our web page if the data subject is simultaneously logged into YouTube when calling up our web page; this takes place independently of whether the data subject clicks on a YouTube video or not. If the data subject does not wish that this information is transmitted to YouTube and Google, the data subject can prevent this transmission by logging out of the YouTube account before calling up our web page.

 

The privacy policy published by YouTube is available under policies.google.com/privacy and gives information on the collection, processing and use of personal data by YouTube and Google.

Service provider JotForm

Our website links to a form of the jotform.com website operated by JotForm Inc. The operator of this website is JotForm Inc., 111 Pine St. Suite 1815, San Francisco, CA 94111, USA.

 

We use this form to provide you with an opportunity to contact us and to register for an event. By entering text and optionally selecting the offered checkboxes in this form, after clicking on the submit button, this data will be transmitted to us and stored on the German servers of JotForm Inc. for the purpose of processing the request as well as in case of follow-up questions. Please note that a direct connection to the servers of JotForm Inc. is made when you visit this form website of JotForm Inc.

 

With JotForm Inc., we have signed a data-processing agreement in which JotForm has committed itself to protect our customers' data and not to disclose it to third parties.

 

For more information about how to handle user information, please refer to JotForm Inc.'s Privacy Policy at: https://www.jotform.com/privacy/ . By being certified under the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt00000008UvGAAU&status=Active , JotForm Inc. also guarantees that the EU's privacy standards will be met when processing data in the US.

Data protection for job applications and during the application process

The data controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Processing may also take place electronically. This is the case in particular if an applicant has submitted the application documents to the controller electronically, for example by e-mail or via a web form on a web page. If the controller enters into an employment contract with an applicant, the data transmitted are stored for the purpose of processing the employment relationship taking account of the legal provisions. If the controller does not enter into an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the negative reply provided no other legitimate interests of the controller conflict with this. Other legitimate interests in this context are, for example, an obligation to provide proof in proceedings under the German Equality Act (AGG).

Security measures

We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection legislation are observed and in this way to protect data processed by us against accidental or deliberate manipulations, loss, destruction or against access by unauthorised persons.

Data protection information for journalists and press representatives

Data is processed for inclusion in our press mailing list to send information about our company and our products in the form of press releases. If necessary, we process your data to protect the legitimate interests of us or third parties e.g. Processing in the CRM system.

Google reCAPTCHA

What is Google reCAPTCHA?

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. A captcha service is a tool that is designed to ensure that an action on the Internet is performed by a human being and not a bot. At reCAPTCHA, a JavaScript element is integrated into the source text and analyzes your user behavior. The software calculates a so-called captcha score from these user actions. reCAPTCHA or Captchas in general are always used when bots could manipulate or misuse certain actions (e.g. registrations, surveys, etc.).

 

Why do we use reCAPTCHA on our website?

We do everything we can to protect ourselves from bots or spam software of all kinds and to offer you the best possible user friendliness. For this reason, we use Google reCAPTCHA to remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you really are human. reCAPTCHA thus serves the security of our website and subsequently also your security. For example, without reCAPTCHA it would be possible for a bot to register many e-mail addresses when registering in order to "spam" on forums or blogs with unwanted advertising content. With reCAPTCHA such bot attacks can be avoided.

 

What data does reCAPTCHA store?

reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. So the IP address and other data that Google needs for the reCAPTCHA service can be sent to Google. Within the member states of the EU or other contracting states of the Agreement on the European Economic Area, IP addresses are almost always shortened before the data ends up on a server in the USA. The IP address will not be combined with other Google data unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.

 

The following list of collected browser and user data is not exhaustive.

Rather, they are examples of data that can be processed by Google:

  • Referrer URL (the address of the page the visitor comes from)
  • IP address (e.g. 256.123.123.1)
  • Information about the operating system
  • Cookies (small text files that save data in your browser)
  • Mouse and keyboard behavior
  • Date and language settings
  • All javascript objects
  • Screen resolution (shows how many pixels the image display consists of)

 

The fact is that Google uses and analyzes such data even before you click “Submit”. We have therefore integrated a consent box on our website that notifies you of this special marketing cookie and that only allows you to fill out the contact or product request using the form if you agree to reCAPTCHA being set.

 

Further information can be found in the data protection guidelines and the terms and conditions of Google reCAPTCHA.

Customer references

ROBEL uses customer opinions for product marketing.

 

On the one hand, references from our customers serve to improve products and, on the other hand, your references help other customers to make a purchase decision.

 

Many consumers consult reviews and reviews from previous customers before ordering a product or using a service. This is what makes customer and user reviews so important for ROBEL - the more reviews our customers can collect, the more comprehensively they can find out about ROBEL and the range of offers.

Email advertising

We only send e-mails, newsletters and other electronic notifications (hereinafter referred to as "e-mail advertising") with the consent of the recipient or with a legal permission, e.g. in the case of existing customer advertising. Your name is provided so that you can address you personally in the message and, if necessary, identify it if you want to exercise your rights as a data subject.

 

The legal basis for this processing is your consent, Art. 6 Para. 1 lit. a GDPR (EU General Data Protection Regulation).

 

You can revoke your consent to the storage of your personal data and their use for email advertising at any time. There is a corresponding link in every email advertisement.

Privacy Settings

You can modify your privacy settings here.

Privacy
The controller (ROBEL Bahnbaumaschinen GmbH, Germany) would like to use the following services in order to process your personal data. Technologies such as cookies, localStorage, etc. can be used for personalization. This is not necessary for the use of the website, but allows us to interact with you more closely. Please select, if appropriate, the following options: